Nuzzo

Legal

Privacy Policy

Last updated: April 19, 2026

Working privacy policy. We'll finalize this before general availability. In short: we don't sell your data, we don't train AI on it, and you can delete it any time.

Who we are

Nuzzo is operated by Wag Technologies LLC, d/b/a Nuzzo (“Nuzzo”, “we”). For privacy questions or data requests, email us at hello@nuzzo.pet.

What we collect

From you (the business owner): email, name, password hash (Argon2id), business name, timezone, billing info (handled by Square — we never see full card numbers).

That you tell us about your clients / pets: client names, contact info, addresses (service addresses), pet profiles (name, breed, medical/feeding notes), photos you upload.

Automatically: IP address + user-agent on login (for session security), basic product analytics via PostHog (page views, clicks, retained anonymized).

What we don't do

  • Sell your data to anyone.
  • Train AI models on your data.
  • Show ads inside the product or on report cards sent to clients.
  • Access your data except when you ask for support or for system maintenance that requires it.

Subprocessors

We use the following services to operate Nuzzo. Each is bound by their own privacy commitments and handles only what they need.

  • Square — payment processor for our own SaaS subscription billing (recurring card charges)
  • Resend — transactional email
  • Twilio — SMS notifications (future)
  • Cloudflare R2 — photo storage
  • Neon — managed Postgres hosting
  • Vercel — application hosting
  • PostHog — product analytics
  • Sentry — error monitoring

Note on client payments: Nuzzo doesn't process or hold money from your clients. When you list a payment method on your invoices (Venmo, Zelle, PayPal, Cash App, or your own payment link), the money flows directly from your client to you via that provider — Nuzzo never touches it. Each provider has its own privacy policy; we don't share your clients' data with any of them.

How we protect it

  • All traffic over HTTPS. Data at rest encrypted by our hosting providers.
  • Passwords hashed with Argon2id (not bcrypt). Session tokens SHA-256 hashed at rest.
  • Multi-tenant isolation at the data-access layer — your business's data is queried with a scoped client that makes cross-tenant access impossible.
  • CSRF tokens, rate limiting, account lockout on auth.

Your rights

You can export your data at any time from the in-app settings, or email hello@nuzzo.pet. You can delete your account and all associated data at any time — we retain for 60 days in case of accidental deletion, then permanently purge.

GDPR / UK-GDPR / CCPA: we act as the processor of your business data, and you act as the controller for your clients. We'll sign a DPA at /legal/dpa if your jurisdiction requires one.

Cookies

We use strictly necessary cookies (session auth, CSRF). No third-party marketing cookies. PostHog uses a first-party cookie for anonymous session identification.

Contact

Privacy questions: hello@nuzzo.pet.

Privacy Policy | Nuzzo · Nuzzo